Presented at the IndicThreads.com Software Development Conference 2016 held in Pune, India. More at http://www.IndicThreads.com and http://Pune16.IndicThreads.com
--
11. Yes, security is a concern
• Increased surface area for attacks
• Connects to the physical world around us
• Newer and tinier hardware
• Newer developers
32. Local Network
• Acts as a client for outside world
• Router firewall
• Encrypted traffic at the MAC layer
• Requires Password/Certificate for access (explicit delegation)
38. Compromised User
• Guest access to the network?
• Malware on user’s phone?
• Additional Cryptographic layers on top of the MAC layer
• User Management
Mention that direct access to the device is protected by the gateway/firewall
Man in the middle - read/modify traffic
Replay - open door lock
DNS spoof - redirect to malicious server
Talk about user-association challenges, TLS, authorized APIs
OLA Money example
From an attacker’s point of view, attack vector limited to being near each device and then exploiting the vulnerability